Comments (8)
Have you tried using the -v
(verbose) flag or the -p
(privileged, start another container) flag?
I ran across a similar failure, and with the verbose logs I saw that the upload of tcpdump failed due to the container having a read-only filesystem. Spawning a separate debug container via the -p
flag let me work around this.
from ksniff.
I was hitting the same error but using -p flag does help.
Thanks @kppullin
from ksniff.
I can get this issue when my nodes try to spin up the pod and Kubernetes set the pod to status "Outofcpu" and then the 126 failure code is due to the pod timing out being created, this may explain some of the above issue. hope this helps someone.
from ksniff.
Maybe you should use -c
(specified container) to specify a container which you want to observe.
from ksniff.
I had the same exit code 126.
INFO[0000] command: '[/tmp/static-tcpdump -i any -U -w - ]' executing successfully exitCode: '126', stdErr :''
ERRO[0000] failed to start remote sniffing, stopping wireshark error="executing sniffer failed, exit code: '126'"
In my case, the target cluster is ARM64 (Rasberry Pi), and compiling static-tcpdump on an ARM host fixed the issue.
- Copile static-tcpdump on an ARM64 linux. (
git clone
andmake static-tcpdump
) - Copy the static file to the target pod. (
kubectl cp ./static-tcpdump <target-pod>:/tmp/static-tcpdump
) - Run
kubectl sniff
to the pod
from ksniff.
Hi all, Are any of you still hitting this issue? I've not been able to reproduce anything similar.
from ksniff.
I have the same problem. Windows 11.
time="2022-02-16T18:08:46-07:00" level=info msg="using tcpdump path at: 'C:\\Users\\TrevorSullivan\\scoop\\persist\\krew\\.krew\\store\\sniff\\v1.6.2\\static-tcpdump'"
time="2022-02-16T18:08:48-07:00" level=info msg="no container specified, taking first container we found in pod."
time="2022-02-16T18:08:48-07:00" level=info msg="selected container: 'web01'"
time="2022-02-16T18:08:48-07:00" level=info msg="sniffing method: upload static tcpdump"
time="2022-02-16T18:08:48-07:00" level=info msg="sniffing on pod: 'web01' [namespace: 'nginx', container: 'web01', filter: '', interface: 'any']"
time="2022-02-16T18:08:48-07:00" level=info msg="uploading static tcpdump binary from: 'C:\\Users\\TrevorSullivan\\scoop\\persist\\krew\\.krew\\store\\sniff\\v1.6.2\\static-tcpdump' to: '/tmp/static-tcpdump'"
time="2022-02-16T18:08:48-07:00" level=info msg="uploading file: 'C:\\Users\\TrevorSullivan\\scoop\\persist\\krew\\.krew\\store\\sniff\\v1.6.2\\static-tcpdump' to '/tmp/static-tcpdump' on container: 'web01'"
time="2022-02-16T18:08:48-07:00" level=info msg="executing command: '[/bin/sh -c test -f /tmp/static-tcpdump]' on container: 'web01', pod: 'web01', namespace: 'nginx'"
time="2022-02-16T18:08:49-07:00" level=info msg="command: '[/bin/sh -c test -f /tmp/static-tcpdump]' executing successfully exitCode: '0', stdErr :''"
time="2022-02-16T18:08:49-07:00" level=info msg="file found: ''"
time="2022-02-16T18:08:49-07:00" level=info msg="file was already found on remote pod"
time="2022-02-16T18:08:49-07:00" level=info msg="tcpdump uploaded successfully"
time="2022-02-16T18:08:49-07:00" level=info msg="spawning wireshark!"
time="2022-02-16T18:08:49-07:00" level=info msg="start sniffing on remote container"
time="2022-02-16T18:08:49-07:00" level=info msg="executing command: '[/tmp/static-tcpdump -i any -U -w - ]' on container: 'web01', pod: 'web01', namespace: 'nginx'"
time="2022-02-16T18:08:49-07:00" level=info msg="starting sniffer cleanup"
time="2022-02-16T18:08:49-07:00" level=info msg="sniffer cleanup completed successfully"
Privileged Mode
time="2022-02-16T18:10:20-07:00" level=info msg="no container specified, taking first container we found in pod."
time="2022-02-16T18:10:20-07:00" level=info msg="selected container: 'web01'"
time="2022-02-16T18:10:20-07:00" level=info msg="sniffing method: privileged pod"
time="2022-02-16T18:10:20-07:00" level=info msg="sniffing on pod: 'web01' [namespace: 'nginx', container: 'web01', filter: '', interface: 'any']"
time="2022-02-16T18:10:20-07:00" level=info msg="creating privileged pod on node: 'ip-192-168-71-207.us-west-2.compute.internal'"
time="2022-02-16T18:10:20-07:00" level=info msg="pod: 'ksniff-2m5ql' created successfully in namespace: 'nginx'"
time="2022-02-16T18:10:20-07:00" level=info msg="waiting for pod successful startup"
time="2022-02-16T18:10:28-07:00" level=info msg="pod: 'ksniff-2m5ql' created successfully on node: 'ip-192-168-71-207.us-west-2.compute.internal'"
time="2022-02-16T18:10:28-07:00" level=info msg="spawning wireshark!"
time="2022-02-16T18:10:28-07:00" level=info msg="starting remote sniffing using privileged pod"
time="2022-02-16T18:10:28-07:00" level=info msg="executing command: '[docker --host unix:///var/run/docker.sock run --rm --name=ksniff-container-pAzcZbOM --net=container:c038f82f09d52f6ad77d3e4c40c08fc8bfaa313bb473c47977c7ccd70ab523d6 maintained/tcpdump -i any -U -w - ]' on container: 'ksniff-privileged', pod: 'ksniff-2m5ql', namespace: 'nginx'"
time="2022-02-16T18:10:28-07:00" level=info msg="starting sniffer cleanup"
time="2022-02-16T18:10:28-07:00" level=info msg="removing privileged container: 'ksniff-privileged'"
time="2022-02-16T18:10:28-07:00" level=info msg="executing command: '[docker --host unix:///var/run/docker.sock rm -f ksniff-container-pAzcZbOM]' on container: 'ksniff-privileged', pod: 'ksniff-2m5ql', namespace: 'nginx'"
time="2022-02-16T18:10:29-07:00" level=info msg="command: '[docker --host unix:///var/run/docker.sock rm -f ksniff-container-pAzcZbOM]' executing successfully exitCode: '0', stdErr :'Error: No such container: ksniff-container-pAzcZbOM\n'"
time="2022-02-16T18:10:29-07:00" level=info msg="privileged container: 'ksniff-privileged' removed successfully"
time="2022-02-16T18:10:29-07:00" level=info msg="removing pod: 'ksniff-2m5ql'"
time="2022-02-16T18:10:29-07:00" level=info msg="removing privileged pod: 'ksniff-2m5ql'"
time="2022-02-16T18:10:29-07:00" level=info msg="privileged pod: 'ksniff-2m5ql' removed"
time="2022-02-16T18:10:29-07:00" level=info msg="pod: 'ksniff-2m5ql' removed successfully"
time="2022-02-16T18:10:29-07:00" level=info msg="sniffer cleanup completed successfully"
from ksniff.
Hi all, Are any of you still hitting this issue? I've not been able to reproduce anything similar.
I got the same working with Kubernetes 1.19, Istio 1.9.9:
ERRO[0005] failed to start remote sniffing, stopping wireshark error="executing sniffer failed, exit code: '126'"
,
and flag -p
worked.
from ksniff.
Related Issues (20)
- can't run in privileged mode
- Openshift 4.10 Mac M1 nsenter: can't execute 'tcpdump': No such file or directory
- sniff on RKE2 fails to create the ksniff pod HOT 2
- Vulnerable 3rd party libs
- Release new version HOT 1
- Add istio inject false label/annotation
- Add ARM linux based static-tcpdump HOT 1
- ksniff failing to create a privileged pod on the node with taints
- Issues running on arm64 HOT 1
- Can ksniff be used for one-time packet captures (~10 min) in production environment for debugging purposes? Apart from clean up of left over pods or containers, what else should I look into after using it for a short pcap?
- cloud storage support for sniff output
- Not able to build static-tcpdump on Ubuntu 22.04 Jammy
- Can we take tcpdump on multiple pods using ksniff ? For an example if a namespace has 4 PODs running can we take TCPDUMP on all the 4 PODs using kubectl sniff -p <pod1> <pod2> <pod3>
- 'kubectl sniff' command returning 139 exit/error code during execution. RCA required for failed attempt at packet capture so that workaround can be identified. HOT 6
- exitCode: '126' when using --tcpdump-image for an airgapped scenario HOT 1
- kubectl sniff fails with certificate error.
- Incorrect Makefile install path for kubectl >= 1.28
- K8S API client 30s timeout: request canceled (Client.Timeout exceeded while awaiting headers)
- ksnif with GKE (cos) capture with privileged (-p) option: Nothing get captured
- installation error
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ksniff.